Safeguarding data across borders

With the increasing reliance on technology for storing and circulating important and personal information, the threat of data breaches and theft has become a major issue. Organizations are embracing privacy by design principles and enhancing transparency in their data handling practices.

As data has taken precedence and gained utmost importance for security, what are some of the challenges that organizations facing today and how do you address them?

Organizations in the Middle East are facing significant challenges in effectively managing and safeguarding vast amounts of data, complying with data privacy regulations, addressing increasing cyber threats, and ensuring data protection across various platforms. To tackle these challenges, we recommend organizations to develop a data privacy and data security program which is a phased approach towards achieving their goals. This involves developing their strategy, developing and implementing best practices for data discovery, data classification, implementation of technology controls and monitor them 24x7. One of the fundamentals is to plan the journey in a logical manner rather than investing in technologies without meeting the pre-requisites for a successful implementation.

How do you balance the need for data security with the need for accessibility and ease of use?

To achieve a harmonious balance, it is crucial to initially align the security program with the organizational business functions and clearly define expectations while safeguarding the customer experience. Subsequently, creating and executing a customized security and privacy-centric program that is intuitively designed and seamlessly integrated for end users is necessary.

With data so diversified today in storage and movement, what are some of the trends you see in the market that organizations are implementing to increase data security?

Organizations are exploring various avenues to enhance data security. Firstly, the adoption of cloud technology has resulted in the implementation and expansion of cloudbased security solutions. These solutions seamlessly utilize advanced encryption and authentication mechanisms, offering precise controls for privileged users. This significantly contributes to securing data stored and processed in the cloud. Secondly, there is a growing emphasis on data-centric security approaches within data centers, such as masking, tokenization, and classification. These measures significantly improve the overall security maturity. Lastly, the Middle East region has witnessed the release or ongoing development of privacy regulations. As a result, organizations are embracing privacy by design principles and enhancing transparency in their data handling practices.

What can organizations do to ensure that their data is secured in a cloud environment spanning across IaaS, PaaS and SaaS solutions available today in the market?

When designing security measures for a multi-tenant or service environment, it is crucial to consider the following essential aspects: l Default assumption of data security responsibility lying with the tenant l Carefully define and establish a responsibility segregation matrix when entering into contracts with service providers l Implement robust access control mechanisms l Utilize encryption for data at rest and in transit l Monitor and log activities taking place in the cloud l Design, implement, and establish security configurations as a baseline l Conduct regular assessments and audits of the environment l Periodically review the independent security reports published by the cloud provider l Assess the security measures of your third-party vendors l Conduct comprehensive risk assessments regularly to identify, track, and mitigate risks specific to the cloud environment

How does data security controls identification and implementation differentiate between on premise infrastructure and on cloud infrastructure?

These two distinct technology delivery models necessitate identifying and delineating different levels of responsibility. In an on-premise infrastructure model, the organization retains complete control over security controls, while in cloud environments, security and other responsibilities are often shared with the cloud provider. Cloud environments require a comprehensive approach to identifying and implementing security controls that can be applied within this shared responsibility framework. The extent of shared responsibilities varies based on the service model adopted by the organization, with responsibilities decreasing as the model transitions from IaaS (Infrastructure as a Service) with the most responsibilities, to SaaS (Software as a Service) with the least responsibilities.

How do organizations plan to manage and secure data from different sources such as Social Media, IoT devices and more modern data oriented technologies?

Robust data governance, security, and privacy strategies are essential for effectively managing and safeguarding data from diverse sources. A key consideration is to conduct thorough risk assessments before adopting modern data-centric technologies, as they can highlight potential issues that need to be addressed. In addition to establishing baseline security controls, organizations are embracing advanced analytics and AI-driven technologies to detect anomalies in real time, enabling proactive response and immediate action.

The applicability of privacy regulations largely depends on the industry and the country in which an organization operates. Some countries within the Gulf Cooperation Council (GCC) region have already enacted privacy laws e.g. UAE, KSA, while others are in the process of doing so. It is crucial for organizations to closely monitor the release of these laws and regulations to avoid penalties, litigation, and ensure effective implementation of privacy laws. By staying updated and compliant with privacy and security regulations, organizations can mitigate risks and ensure proper adherence to privacy requirements.

Ans: Data backups and data recovery play a vital role in cloud environments, ensuring the availability of data, mitigating the risk of data loss or corruption, and supporting business continuity. This significance is particularly notable in service models such as IaaS, where organizations have control over data backups and restoration. However, in the case of SaaS, data backups become the responsibility of the cloud provider. Therefore, it is crucial to thoroughly review the contractual agreement regarding data availability while also ensuring that the platform remains resilient to cyber-attacks. Organizations can safeguard their data and maintain operational continuity in the cloud environment despite rampant ransomware attacks.

Organizations must start by conducting a comprehensive assessment of existing data security measures and identify areas of improvement. The next critical step is to define clear and measurable goals while also aligning with any local regulation that may apply to the organizations’ environment. The identified controls need to be then integrated with the overall security management framework of the organization in order to ensure that the framework remains holistic and compliments the data security centric technologies that the organizations implement. It is also imperative to design and implement the right operating model for data security to ensure continuous improvements.

The following recommendations are suggested to enhance the maturity of data security practices within organizations. Organizations can proactively strengthen their data security practices by following these recommendations and effectively mitigate risks,

1. Develop a data security strategy and roadmap aligned to organization and regulatory needs

2. Conduct Data Discovery to gain visibility for structured and unstructured data

3. Establish comprehensive security policies that outline guidelines and procedures for data security

4. Classify your data and enforce classification through technology controls

5. Implement technologies to protect data transfer securely within the organization and outside the organization

6. Regularly assess and update security measures to adapt to evolving threats and technologies

7. Stay informed about emerging threats, industry best practices, and advancements in data security technologies

8. Operationalize your processes to ensure continuous improvements ë

EC MEA: It is the inaugural edition of GITEX Africa, how do you see this as a great step towards Africa’s tech competitiveness?

VP: GITEX is a significant technology showcase that Redington has been actively participating in for a long time. It’s particularly exciting that GITEX is taking place in Africa because Africa holds tremendous potential for technology to make a meaningful difference in people’s lives across various aspects. Technology is crucial for achieving equality, ensuring rights, and improving overall quality of life. Therefore, Africa greatly needs and benefits from events like GITEX, and I am delighted to be involved in this inaugural edition.

EC MEA: Tell us about your presence and reach in the Africa

VP: Africa has been a market where Redington has had a presence for over 14 to 15 years. Initially, our approach involved establishing service centers to directly serve customers and then expanding through distribution. However, as technology advances, we see innovations like cloud computing and digital solutions breaking down boundaries and becoming universally accessible. In response, our approach to Africa has shifted to focus more on digitalization rather than just physical infrastructure. We have launched a digital twin of Redington, a platform that caters to the businesses and technologies we manage. Through this digital portal, we have onboarded partners from across Africa and conduct business digitally. Additionally, we offer cloud solutions through our portal called Cloud Quarks, enabling us to provide a wide range of cloud services directly to customers in Africa through our channel partners.

EC MEA: Africa is always known to have leapfrogged technologies. How do you see the region achieving newer strides in technology with GITEX now?

VP: The true impact of our efforts can be seen in how technology improves the lives of ordinary people. To remain relevant in any market, technology must address real needs. In Africa, technology has played a significant role in areas such as food and supply, pharmaceuticals, healthcare, and accessible financial services. Numerous microfinancing and fintech platforms have emerged successfully across many African countries, all powered by technology, security measures, and the devices that facilitate access to these services. Redington is pleased to be part of this transformative process as a technology aggregator and ecosystem provider. From distributing mobile phones to cloud solutions and everything in between, we offer the necessary infrastructure, security solutions, and consulting practices to support our customers’ digital transformation.

EC MEA: What are you showcasing in GITEX Africa?

VP: At GITEX, we are showcasing a combination of services provided by Redington and its subsidiaries, including Ensure and DigiGlass. Ensure focuses on delivering excellent customer experiences through its service centers located across 25 African countries. Meanwhile, Citrus Consulting assists our customers in their digital and technological transformations. Additionally, DigiGlass, our managed security services business, addresses the increasing importance of security for customers in Africa, particularly through our channel partners. DigiGlass has already amassed nearly 100 customers who benefit from our managed security services.

In addition to DigiGlass, we are highlighting the best cloud solutions and security-related protocols and platforms we offer. Our goal is to create a digital replica of our work in Africa, just as we do elsewhere, to expand our digital e-commerce capabilities through a B2B website and make our cloud services and solutions widely available in multiple countries. These priorities demonstrate our commitment to Africa and our determination to provide relevant solutions tailored to the region’s specific needs.

EC MEA: How are you expanding your reach in Africa?

VP: Our team in Africa is substantial, and while we have been primarily driven by expatriate employees in the past, we are actively transitioning to a more countrydriven approach. We are dedicated to promoting and nurturing local talent in every location we operate. ë